Exploitation Framework for Embedded Devices

SpiderFoot automates OSINT collection so that you can focus on analysis.

Damn Vulnerable Web Application (DVWA)

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

A collection of open source and commercial tools that aid in red team operations.

An Information Security Reference That Doesn't Suck

A collected list of awesome security talks

A curated list of awesome infosec courses and training resources.

巡风是一款适用于企业内网的漏洞快速应急，巡航扫描系统。

Fast web fuzzer written in Go

Collaborative Penetration Test and Vulnerability Management Platform

A list of interesting payloads, tips and tricks for bug bounty hunters.

Cameradar hacks its way into RTSP videosurveillance cameras

A collection of all the data i could extract from 1 billion leaked credentials from internet.

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.

🔐 Security advisories as a simple composer exclusion list, regularly updated

Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐

🔍 A collection of interesting, funny, and depressing search queries to plug into https://shodan.io/ 👩‍💻

A python script that finds endpoints in JavaScript files

📡 A python program to create a fake AP and sniff data.

A proposed standard that allows websites to define security policies.

🏴‍☠️ Tools for pentesting, CTFs & wargames. 🏴‍☠️

VirusTotal Wanna Be - Now with 100% more Hipster

Scan for open AWS S3 buckets and dump the contents

🔥 A powerful MongoDB auditing and pentesting tool 🔥

Awesome Node.js Security resources

CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection

Subdomain Takeover tool written in Go

Malcom - Malware Communications Analyzer

A flexible control server for osquery fleets